vendor-cyber-risk-analyst
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of instructional Markdown files. There are no executable scripts, binaries, or configuration files that could perform actions on the host system or network.
- [NO_CODE]: No code or scripts were found in the skill package. All logic and workflows are provided as natural language instructions for the AI agent to follow when assisting with risk analysis tasks.
- [DATA_EXFILTRATION]: No network operations, external URL requests, or data exfiltration patterns were detected. The skill does not define any automated data transfer mechanisms.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or secrets were discovered in the metadata or instructional text.
- [PROMPT_INJECTION]: No patterns of prompt injection, such as instructions to ignore safety guidelines or override system prompts, were found in the skill's instructions or metadata.
- [INDIRECT_PROMPT_INJECTION]: While the skill involves analyzing untrusted third-party data (vendor questionnaires and security attestations), it lacks dangerous capabilities—such as file writing, shell execution, or network access—that could be exploited via embedded instructions in that data. The output is limited to generated risk reports and memos for human review.
Audit Metadata